EMV Payment Technology - The Implications for Retail Florists

May 12, 2015


The retail floral industry is a very different kind of retail, and the implications of the EMV payment standard (and October deadline) are different for florists.


Card-present transactions (the kind where the florist swipes the customer's credit card) are considered to be the most secure form of credit card transaction, largely because they depend on the possession of an authentication factor. The authentication factor (something only the customer should have) is a "token" in the form of the physical credit card.

The presence of the credit card makes card-present transactions more secure than telephone or web orders (so common in the floral industry) that only require information (primary card number, expiration date and sometimes CVV number). The card also allows the retail florist to check the signature, other ID, etc.

The problem is that physical credit cards make poor tokens. They simply aren't very secure. Nowadays compromised credit cards are relatively easy to acquire through theft, counterfeiting, cloning, etc.

This weakness is the problem that EMV tries to address. EMV is all about introducing a payment card format and card-present payment process that truly is secure. The EMV standard does this by including a special computer chip on the credit card. A traditional credit card might be easy to counterfeit, a chip card is not.

The EMV standard also introduces what is called multi-factor authentication. Multi-factor authentication improves security by requiring different authentication factors. In the case of EMV those factors are something you have (a physical token in the form of the EMV card) and something you know (a secret PIN). Neither works without the other, making the process much more secure.

The EMV process also requires the use of a special EMV terminal. When the customer makes a purchase the florist hands them a new kind of payment terminal. The customer inserts the credit card and is then required to confirm the amount and enter their PIN. It is this terminal that makes the whole thing possible.

EMV is primarily about reducing charges made to counterfeit credit cards. Let's imagine Tom Smith has a traditional Visa and uses it to make an online purchase. That online merchant is hacked, and Tom's Visa number is stolen. A counterfeiter then creates a copy of that card and uses it to make card-present transactions. Although relatively easy now this kind of fraud becomes much more difficult with EMV technology.

This extra security is good for Tom (the cardholder) because it means he is less likely to see (and have to report) fraudulent activity on his credit card statement. It is also good for banks and credit card companies because they will no longer have to cover the costs of this kind of fraud.

It is important to note that florists don't have to start doing anything differently as of the October deadline. A flower shop can continue to process credit cards exactly as they do now. Existing processes will not stop working or become less secure. The only difference is that, because a more secure options for processing card present transactions is available, there will also be a shift in liability.

Think back to Tom and the counterfeit Visa. Tom is not liable for fraudulent purchases made using a counterfeit version of his credit card. So who does cover the costs?

Right now, pre-deadline, the florist is not responsible. There are weaknesses in the non-EMV system that the banks and credit card companies currently provide, so they cover any losses, protecting the cardholder and the retail florist.

With EMV the banks and credit card companies are introducing a secure standard, and if a florist chooses not to take advantage of it they will be liable for  losses.

Back to Tom Smith and his counterfeit Visa.... after the October deadline it could only be used at a flower shop that is not using the EMV standard. Because that florist chose not to protect the cardholder by using the most secure process (EMV) the florist is now responsible for paying Tom back.

It is worth noting that EMV does not protect florists from the kind of large scale data breaches seen over the past few years. Those situations where criminals break into a system and steal thousands of credit card numbers? EMV does nothing to prevent that kind of attack. EMV does prevent the use of counterfeit cards bearing stolen number down the line, but it does not protect against the initial theft. If your system is secure, it is no less secure after the October deadline. If you have never suffered a data breach you are no more likely to suffer one after the October deadline.

The implications really depend on the nature of the business. If you are a merchant that does a lot of high-value card-present sales you are at risk on each and every one of them if you choose to ignore the EMV process after the deadline. This transaction profile is relatively uncommon in the retail floral industry. A florist might process large card-present payments for event work, but this is not the kind of anonymous high-value sale that some merchants (like those in retail electronics) see every day.

If however you are an online retailer EMV does nothing to protect you. EMV only protects card present transactions where the cardholder can enter a secure PIN into a special PIN terminal. That never happens in e-commerce and EMV can never protect those online sales. This is also true of telephone orders - EMC technology does not protect them.

Florists are in an interesting position. In the retail floral industry an average of 70% to 80% of floral sales are done over the phone or through the florist's e-commerce website. EMV technology cannot protect those transactions.

At best EMV technology can only protect in-person, card-present credit card sales, and these are relatively rare in the floral industry. For the average flower shop in–person are less than 30% of their volume, with roughly 60% of these being paid for with credit cards. That means that EMV technology will protect less than 20% of the sales for the average florist.

Category: Floral Industry

Related Content

Sure Your Flower Shop Website Works The Way You Think?

Too many florists believe they have responsive websites that work well from mobile devices but don't. Mobile is vital & you need to know what to look for.

Credit Card Surcharges Are a Dangerous Idea For Florists

Credit card surcharging (the practice of adding a surcharge or checkout fee to credit/debit card payments) is now allowed. Is it a good idea for florists?

Avoiding and Dealing With Credit Card Declines

Understanding the merchant side of a credit card payment can help avoid declines and deal with them efficiently when they do happen.

Florists and Restaurants: More in Common Than You Think

The flower business has much in common with the restaurant business (often more than with other retail) and florists can benefit from foodservice research.

Tim Huckabee – The Original (and Still the Best) Sales Trainer For Florists

Tim Huckabee, founder of Floral Strategies, might not be the only one doing sales training for florists but he was the original and he's still the best.

Website Monitoring Article – Expanded Content Text

The Floral Management article on website monitoring generated a lot of follow-up questions from florists interested in monitoring their flower shop websites so we've added some extra information on the FloristWare website.

Website Monitoring

Hopefully you count of your website to be available, provide a great online shopping experience and generate orders 24 hours a day. But how can you be sure?

Protecting Your Business With a BYOD Policy

Employees will expect to use personal electronic devices in the workplace and employers need to be prepared with a BYOD (bring your own device) policy.

Wi-Fi Access For Brides & Other Guests

It is now almost essential for florists to extend wi-fi access to their clients during design consultations but it much be done safely and in a way that protects the client, network and data.

Website Monitoring Article in Floral Management

You count on your website to serve your customers, make a great impression and generate orders 24 hours a day. But how can you be sure? A new article in Floral Management shows you how.

Category List

Tag List

Tag Cloud